
deps: Upgrade 2 packages to remove 5 vulnerabilities #2555

Closed
BacklineAI wants to merge 1 commit into Mrs4s:master from Backline-oss-forks:backline/go-e92601a6f6090aab2e7c3a5086c0aec4


@BacklineAI

🔐 Security Vulnerability Fixes

This pull request was created and verified by Backline to fix security vulnerabilities in your dependencies.


📦 Package Updates & Vulnerability Fixes

golang.org/x/crypto

v0.17.0 → v0.45.0

  • 🟥 CVE-2024-45337 - golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto.
  • 🟧 CVE-2025-22869 - golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh.
  • 🟨 CVE-2025-47914 - golang.org/x/crypto/ssh/agent: in golang.org/x/crypto/ssh/agent.
  • 🟨 CVE-2025-58181 - golang.org/x/crypto/ssh: in golang.org/x/crypto/ssh.

golang.org/x/image

v0.10.0 → v0.18.0

  • 🟧 CVE-2024-24792 - Parsing a corrupt or malicious image with invalid color indices can ca ...

Legend: 🟥 Critical | 🟧 High | 🟨 Medium | 🟦 Low


⚠️ Breaking Change Notice

** version upgrade to 1.24.0**
Please review the following before merging:

  • 🔧 Local Development: Update your local installation to 1.24.0
  • 🚀 CI/CD Pipeline: Verify build pipelines and Docker images use 1.24.0
  • 📋 Dependencies: Ensure all build tools are compatible with the new version

Backline is here to help accelerate the remediation of your security backlog. Here's how we operate:

📥 Fetch Findings – Gather security issues
🔍 Analyze Findings – Understand the context and impact
📝 Plan Remediation – Generate a safe and effective fix strategy
👷 Apply Fix – Implement the remediation in code
🧪 Validate Code – Ensure the changes maintain code quality and integrity
Verify – Run tests to ensure correctness and stability

Packages updated:

- golang.org/x/crypto (v0.45.0)
- golang.org/x/image (v0.18.0)

@github-actions
Contributor

Invalid PR to non-dev branch master.

@github-actions github-actions bot closed this Dec 26, 2025